Admin was the most common username for WordPress admin users. “Do not use admin as administrator username” is also a well-known WordPress security tip. Everybody knows this, so does hacker. If you like to know, other than Admin, there are…
Tag: Security
Author page is part of WordPress by default. Without manual change, author page URL exposes user login username. From SEO point of view, it may also create duplicated content. For blog website, author page is useful when there are multiple…
One of client’s WordPress site got hacked. The client can’t access the site, even admin dashboard at the back-end, because the site is always being redirected to a phishing site: http://www.indoforextrading.com/. If you run into exactly same problem, here is…
In previous post, I showed you how to possibly discover username on a WordPress site using WPScan. On a regular site without extra layer of security such as 2 factor authentication, username and password are all one needs to gain…
Is your WordPress site infected with malware? It can be extremely headache to deal with. Scanning and cleanup a hacked site isn’t a simple task. There are many things involved and many techniques required to get it done properly. But…
WPScan is a popular black box WordPress security scanner. For anyone who is serious about WordPress security but still stuck with a list of to-do tasks, it is highly recommended to check WPScan out, and learn how to implement it…
In previous post, I mentioned a security tip called “Password Protect WordPress Admin Directory (wp-admin) for Enhanced Security“. Beside http://your-url/wp-admin, there is another login link to your site, which is http://your-url/wp-login.php. Matter of fact, http://your-url/wp-admin still requires access to file…
Everyone knows WordPress well type http://URL/wp-admin for login, so does hacker. Other than using stronger password, there is another way to protect yourself. That is “password protect admin directory”. It adds and additional level of security, works somewhat like two-step…
Most blog owners block comment spam in their WordPress blog heavily relying on anti-spam plugin or built-in Comments Blacklist. While this provides easy solution that works, it does have drawbacks. Because it does NOT stop spammer from doing this, but…
WordPress administrators can modify Theme & Plugin files in build-in editor. The editor provides a convenient approach for site administrator to change something on the fly without going through FTP client. It also makes it possible for novice site owner…